Description of the vulnerability

Node.js adm-zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).Impacted products:Business Objects, Nodejs Modules ~ not comprehensive, SAP ERP, NetWeaver.Severity: 2/4.Consequences: data creation/edition.Provenance: document.Creation date: 13/06/2018.Identifiers:CVE-2018-1002204, VIGILANCE-VUL-26400.

Description of the vulnerability

An attacker can traverse directories of Node.js adm-zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).Full Vigil@nce bulletin... (Free trial)